SSL Certificate Agility with Postfix

RFC 4492 and RFC 6460 introduced a number of TLS ciphers based on elliptic curve cryptography (ECC). While some of them are designed to work with RSA keys (which is what most encrypted website on the Internet are using at this point of time) others are designed to be used with a new type of keys which use the ECDSA algorithm. The advantage of using ECDSA keys instead of RSA keys is the superior performance and hopefully superior security.

But as with all new standards it takes a while before ECDSA got widely adopted. Almost 10 years later most modern browsers support this crypto algorithm. But there are still browsers (often running under outdated operating systems) and even web search engine crawlers in use that only support RSA. It is therefore still desirable to support both ECDSA and RSA keys in parallel. This approach is called certificate agility because the server is configured with multiple key/certificate pairs and automatically chooses one depending on the capabilities of the client.

Inspired by this blog article I recently created an ECDSA key (using the secp384r1 curve for compatibility with Google’s browser Chrome) for my Apache web server, got it signed by a certificate authority and enabled certificate agility. If you use Firefox or Chrome you can click on the pad lock next to the URL bar to check which of my two keys your browsers used during the key exchange. Encouraged by this quick win I wanted to enable certificate agility for more services. The obvious next target was Postfix, the mail server software that handles all the e-mail from and to my domains.

Modern versions of Postfix feature full support for certificate agility. They can be configured to use any combination of RSA, DSA and ECDSA keys. If you want to use an RSA and an ECDSA key you only need four configuration statements similar to these:

# RSA key and certificate chain
smtpd_tls_key_file = /etc/ssl/private/smtpd-key.pem
smtpd_tls_cert_file = /etc/ssl/certs/smtpd-cert.pem
# ECDSA key and certificate chain
smtpd_tls_eckey_file = /etc/ssl/private/smtpd-key-ecdsa.pem
smtpd_tls_eccert_file = /etc/ssl/certs/smtpd-cert-ecdsa.pem

The devil is however in the detail, at least if your system uses OpenSSL 1.0.1 and not 1.0.2. While OpenSSL 1.0.1 supports multiple keys for a TLS server endpoint it only supports a single intermediate certificate chain. And without the correct intermediate certificates SMTP clients won’t be able to verify the validity of your servers certificate. To work around this limitation you need to create the certificate files from the above configuration example like this:

  1. /etc/ssl/certs/smtpd-cert.pem contains the certificate for the RSA key stored in /etc/ssl/private/smtpd-key.pem followed by the intermediate certificate for both keys.
  2. /etc/ssl/certs/smtpd-cert-ecdsa.pem contains the certificate for the ECDSA key stored in /etc/ssl/private/smtpd-key-ecdsa.pem again followed by the intermediate certificate for both keys.

With this configuration SMTP clients will always receive all the necessary certificates to validate your server certificate. The only downside is that they will also receive two certificate that they don’t need. That should however not have any noticeable consequences. You can now test certificate agility using the OpenSSL command line client:

openssl s_client -cipher ECDHE-RSA-AES128-SHA -connect <your server>:25 -starttls smtp
openssl s_client -cipher ECDHE-ECDSA-AES128-SHA -connect <your server>:25 -starttls smtp

Both commands should result in a successful connection. Certificate validation should also work but you might have to supply an extra command line argument like -CApath /etc/ssl/certs to specify the location of the certificate authority catalog.

There is however still one problem with such a setup: although Postfix now supports certificate agility it is still going to use the RSA key most if not all the time. The reason is that OpenSSL still prefers RSA over ECDSA by default. And as (almost?) all SMTP clients support RSA it is always going to be used in preference of ECDSA. To change this behaviour you need to modify the cipher lists used by Postfix. This is however a change which is usually discouraged. So please consider it carefully. On my setup I’ve configured Postfix’s TLS settings as follows:

smtpd_tls_ciphers = high
smtpd_tls_exclude_ciphers = aNULL, RC4
smtpd_tls_mandatory_protocols = !SSLv2,!SSLv3

The cipher exclusion list is probably not necessary anymore. But I leave it in there just to be hundred percent sure. After this change certificate agility finally works as desired:

Jul 24 19:31:37 colwyn postfix/smtpd[22130]: Anonymous TLS connection established from[2a00:1450:4010:c03::244]: TLSv1.2 with cipher ECDHE-ECDSA-AES128-GCM-SHA256 (128/128 bits)

I haven’t noticed any problems with such a setup since I deployed it on my mail server two weeks ago.

DNSSEC for UK domains

I finally got around to enable DNSSEC (Domain Name System Security Extensions) for my primary domain This extra layer of protection makes it much harder to forge DNS entries for my domain.

Following the steps in this tutorial the whole process was not very difficult. Although I had to make a few adjustments because Nominet, the UK domain registry, mandates the use of different key algorithms for DNSSEC.

Here are the appropriate commands for UK domains:

dnssec-keygen -a RSASHA256 -b 1024 -n ZONE
dnssec-keygen -f KSK -a RSASHA256 -b 2048 -n ZONE

If the OpenSSL command client is available on your system you can also generate the salt for the zone signing with a single command:

openssl rand -hex 8

After you have completed the configuration of your name server you can use VeriSign’s DNSSEC Analyzer to test your setup. If everything is working correctly the DNSSEC Analyzer should only complain about the missing DS records in the parent zone. To rectify this you need to submit the DS records to your domain registrar who in turn will submit them to Nominet. Once this has been done you should have complete DNSSEC protection for your domain.

I hope these tips help other people to get their UK domains protected with DNSSEC as well.

Game of the Month: Dragon Age: Inquisition

Six years ago BioWare published Dragon Age: Origins, the first game of their new fantasy series. Thanks to its excellent story, rich lore, good game play and the epic size of the fictional world the game became a massive success. Its successor Dragon Age II however was less well received. Oversimplified role play elements, a too small game world and a less engaging story left a lot of fans of the first part quite disappointed. BioWare promised to learn from their mistakes and deliver a much better experience in the third part, Dragon Age: Inquisition.

The events in Kirkwall during the second game have lead to a mage rebellion. The resulting civil war between the mages and the Templar Order is devastating the whole continent of Thedas. The casualties on both sides and among the innocent population are high. The leader of the Chantry,  the dominant church, wants to stop the violence and uses her dwindling influence to host peace talks. But an enormous magical explosion kills her and the delegates of both sides. Even worse it also opens a massive breach into the Fade, the parallel world occupied by magical beings. Daemons pour through this opening and indiscriminately attack everybody in sight. More rifts into the Fade open in all of Thedas and the whole continent is descending into chaos.

The players character was sent as an observer to the peace talks and finds herself (or himself if you must) in the Fade after the explosion. She only narrowly manages to escape the daemons and uses the breach to cross back into the normal world. But the remaining forces of the Chantry arrest her on suspicion of causing the fatal explosion. With no memory of the events and a strange glowing magical mark embedded in her left hand, that is clearly linked to the breach, her chances of proving her innocence seem to be slim. However things change when it turns out that the mark allows her to close the rifts into the Fade and stop the daemons from invading the world. Her attempt to close the main breach only partially succeeds and almost kills her. But her heroics drastically change people’s attitude towards her. While a minority still believe she is responsible for the catastrophe the majority perceives her as a holy saviour that stands between Thedas and its utter destruction. She must now become the Inquisitor to lead the newly formed Inquisition and turn it into a force that can save Thedas and restore peace and order.

Dragon Age: Inquisition is indeed a major improvement over its predecessor. The game world is absolutely enormous. The first major area that the player unlocks is probably already larger than all the locations in Dragon Age II combined. And there are over half a dozen of such regions. The role play elements also offer much more depth again. All classes provide a lot of different skill trees and three specialisations which allow a lot of interesting builds resulting in very different combat styles. Warriors and rogues are no longer limited to a given weapon type and can be trained according to the player’s preferences. These improvements are also reflected in the combat system which features a tactical mode that allows precise control over all four characters in the party and enables devastating combined attacks.

The game also features a record number of companions and love interests. As they all have different backgrounds, beliefs and agendas the player faces an interesting challenge to keep them all in line. For the main character the player can choose one of four races, the gender and the class. All combinations have unique social backgrounds, which are reflected throughout the game. While a human Inquisitor will face less resentments by the exclusively human nobility she will also have more limited options to interact with the other races. A mage Inquisitor has a hard time to earn trust as people have suffered a lot at the hands of the rebel mages.

A common theme in BioWare games are the decision that the player can make. These decision often greatly influence the following events. Dragon Age: Inquisition is no exception and as in its predecessor there is often no right and no wrong choice, no good and no evil option. But there are always consequences and often enough not the ones that you were hoping for. The game even references past events defined by the player’s choices in both of the previous games and seamlessly connects them to the current storyline.

Dragon Age: Inquisition is BioWare at its best: a role play game with an exciting plot, a huge number of interesting characters, witty dialogs and a fantastic setting. The game provides a good compromise between the traditional and slightly unwieldy role playing of the first game and the over simplified action adventure style of the second game. If there is anything to complain about it is the final showdown. BioWare decided to split it over multiple missions and somewhat fail to maintain the arc of suspense. But that doesn’t change the fact that Dragon Age: Inquisition is a great adventure that feels like creating your own epic fantasy movie. And although the story comes to a satisfying conclusion it paves the way for more exciting adventures. I definitely hope to pay Thedas another visit in the future. 🙂

Taking comfort in the Unfairness of the Universe